Solved

Software Delpoyment using GPO

Posted on 2013-01-15
22
424 Views
Last Modified: 2013-01-16
Here is what I have done so far.

.Created an OU called it test.
.Created a user, called him test.
.Put the user test in the Test OU.
. Created a folder & shared the folder with everyone full access (just to be on the safe side).
.Download .MSI file for a program called 7-Zip.
.Put the file into the folder that I created and shared.
.Crated a new GOP, called it deployed 7zip, edit the GPO ( see attached snap shoot )
. GPO Settings. On client workstation did a gpupdate /force
.The gpupdate says it was competed successfully & User policy update has completed successfully. What it dose not do is ask me to reboot for the GPO to take affect.

Needless to say I reboot and the GPO doe not install the 7-zip.msi file.


What I'm I missing?
checked, re-checked and checked again and still no joy.
Can anyone tell me what I'm doing wrong? From what I have read and seem it should not be difficult to get this running.

Thank you all
0
Comment
Question by:noad
  • 11
  • 6
  • 2
  • +2
22 Comments
 
LVL 4

Expert Comment

by:mprssjpr
ID: 38778326
In the GPO editor, right-click the '7-Zip GPO Software' policy, and link it to the domain.
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 38778333
Unless I am mistaken the GPO needs to be applied to the OU the Computer is in rather than the OU the User is in...
0
 
LVL 7

Expert Comment

by:joensw
ID: 38778366
HI
Please try to Set the Group Policy setting under Computer Configuration -> Administrative Templates -> System ->  Logon -> Always wait for the network at computer startup and logon to Enabled.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:noad
ID: 38778376
mprssjpr

Why the domain GPO, I want it to go to a specific OU. I don't want it to apply to everyone.

can you explain?

Thanks
0
 
LVL 1

Author Comment

by:noad
ID: 38778384
lamaslany

I have applied both the computer and user to the test OU.
see the snap shoot. maybe I did it wrong? Can you take a look and verify for me?

Thanks
0
 
LVL 4

Expert Comment

by:mprssjpr
ID: 38778413
Noad - yes, I know it seems illogical, but that's how it works. When you right click it, and choose 'Link Enabled' and 'Enforced', you will see in the main pane that another item appears, with the name of the domain.

You will see in that columns of the main pane that the object is NOT enforced for the domain, only for the OU. If you don't link to the domain, the object is kind of...orphaned.
0
 
LVL 1

Author Comment

by:noad
ID: 38778423
joensw

do you mean to setup a GPO in the test OU and give it those settings?

If that is what you mean, I did it and still no joy, noting seems to be working!
I still can't see what I'm doing wrong...
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778430
Read this to help troubleshoot the GPO:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11009-10-Ways-to-Troubleshoot-Group-Policy.html

The picture shows the software on the computer side. If so, you must have that linked to an ou containing computers.

You also don't need to list the computers and authenticated users on the security scope. Authenticated Users is every authenticated object (computers and users).
0
 
LVL 1

Author Comment

by:noad
ID: 38778440
mprssjpr

ok, I understand what you are saying, not sure exactly how to do it...
Can you plz explain it to me in more details.
Sorry....
Not thinking stright
0
 
LVL 1

Author Comment

by:noad
ID: 38778457
jmoody10

So you are saying to include or move the computer into the test OU?
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778466
mprssjpr is wrong. The GPO can be linked to an OU specifically. It does not need to be enforced or link to the domain as well.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38778478
From your picture, you have the MSI loaded in Computer Config\Software Installation. Because of this, the GPO must apply to a computer. If you have the GPO linked to Test OU and the GPO applies to Authenticated Users, then a computer will need to be in the Test OU as well.

The user can be in any OU.

After moving the computer, restart once (because you moved the computer object). Restart once more (so that the GPO can be downloaded). Restart once more so that it can be applied.

You can also cut these restarts down by enabling "Always wait for the network at computer startup and logon". ComputerConfig\Admin Templates\System\Group Policy
0
 
LVL 19

Expert Comment

by:lamaslany
ID: 38778500
The Computer account needs to be in the Test OU.
0
 
LVL 1

Author Comment

by:noad
ID: 38778529
Guys
I understand what you are saying.
Sorry
My primary JOB is as a Paramedic on a Fire Dept.
I'm going on a call now, bit Willie PC to test OU and try it out ASAP

Thanks all
0
 
LVL 1

Author Comment

by:noad
ID: 38779225
jmoodly10

Ok
I tested what you explain and it did not work, here is what I did.
I added the computer to the test OU and removed the GPO link from the domain.
No joy, I added the GPO link back to the Domain and it worked.
I did this second test with a different computer.

While I more then agree with you that I should be able to set the GPO to different OU's, I must still be doing something wrong.

Any other ideas as to how I can correct it?

Thanks.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38779360
ok. Do this:

Link GPO back to Test OU only. On a client, run this command: gpresult /h Report.htm /f. Then right click on your GPO and select Save report.

Upload both files here.
0
 
LVL 1

Author Comment

by:noad
ID: 38779670
k
will do
0
 
LVL 1

Author Comment

by:noad
ID: 38779774
Jmoody10

I ran the command and got noting, I ran gpresult -r and got the following.
I do see where the GPO is added and as per your input I removed the GPO link form the Domain GPO. I even installed Flash this way and it worked....
Now I'm working on uninstalling the 7Zip file via the GPO and will try the same with other work stations on the network.

GPO  ( gpresult -r )
0
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 38780046
If you go to C:\Users\Administrator, you can open the file named Report.htm
0
 
LVL 1

Author Comment

by:noad
ID: 38780434
Oh...
WOW, I'm way off today...

Regardless, you are correct. I was able to deploy to a win8 computer on the network that's on a different OU.
I will look into getting the report..

Thanks for all of your help.
0
 
LVL 1

Author Closing Comment

by:noad
ID: 38780438
Simple instruction to follow.
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 38782342
Not a problem!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question